package io.renren.utils;

import io.renren.entity.SysUserEntity;
import io.renren.xss.SQLFilter;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * 查询参数
 *
 * @author chenshun
 * @email sunlightcs@gmail.com
 * @date 2017-03-14 23:15
 */
public class QueryAuthority extends LinkedHashMap<String, Object> {
	private static final long serialVersionUID = 1L;
	//当前页码
    private int page;
    //每页条数
    private int limit;

    public QueryAuthority(Map<String, Object> params){

        SysUserEntity user= (SysUserEntity) ShiroUtils.getSubject().getSession().getAttribute("user");
        String username=user.getUsername();
        params.put("cusername", username);
        params.put("depts", user.getDeptnoList());
        if(user.getSettlementList()!=null&&user.getSettlementList().size()>0) {
            params.put("settlementlist", user.getSettlementList());
        }
        if("admin".equals(username)){
            params.put("superAdministrator", "admin");
        }
        this.putAll(params);

        //分页参数
        this.page = Integer.parseInt(params.get("page").toString());
        this.limit = Integer.parseInt(params.get("limit").toString());
        this.put("offset", (page - 1) * limit);
        this.put("page", page);
        this.put("limit", limit);

        //防止SQL注入（因为sidx、order是通过拼接SQL实现排序的，会有SQL注入风险）
        String sidx = params.get("sidx").toString();
        String order = params.get("order").toString();
        this.put("sidx", SQLFilter.sqlInject(sidx));
        this.put("order", SQLFilter.sqlInject(order));
    }


    public int getPage() {
        return page;
    }

    public void setPage(int page) {
        this.page = page;
    }

    public int getLimit() {
        return limit;
    }

    public void setLimit(int limit) {
        this.limit = limit;
    }
}
